Use of the Internet has become commonplace and an everyday occurrence for significant portions of the world's population. Such use of the Internet often includes secured access, utilizing security features such as Secure Sockets Layer (SSL) or Hypertext Transfer Protocol Secure (HTTPS) connections. Mobile stations have developed so as to also afford users the ability to access the Internet. In addition, the communications that such devices offer, via a wireless mobile communications network, enable users to talk and exchange various types of messages for business and personal reasons and to access information, all from or while traveling through any location where a network provides service.
SSL is a protocol that uses a cryptographic system employing two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Transport Layer Security (TLS) protocol is a successor to SSL. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
A virtual private network (VPN) supplies network connectivity over a possibly long physical distance. VPN technologies include various security mechanisms to protect the virtual, private connections. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. A key feature of a VPN is its ability to work over private networks as well as public networks like the Internet. Using a method called tunneling, a VPN can use the same hardware infrastructure as existing Internet or intranet links.
Normally, SSL connections or HTTPS connections only authenticate the identity of the server with which the client is establishing a session. For example, when a web browser tries to securely connect to a bank's server, the browser checks that the certificate provided by the server is authentic and certifies that the web server belongs to the bank. SSL also provides a means to authenticate the client by certificates or pre-shared keys, but those means are rarely used. Client-side authentication is only used when the server wants to give access to authentic clients only, for example, through a network-side SSL gateway.
Authenticating the client means that one has to undertake the task of distributing certificates to all devices, that is, distributing keys to all these devices over a secure out-of-band channel. In addition, as client-side authentication is rarely used, new devices like smartphones and new operating systems like Android do not have built-in support for client-side certificate management and operations.
Network security equipment enables end-customers' devices to establish secure connections to the network, for example, through VPN or SSL gateways. While setting up these secure connections, mutual authentication is required. Mutual authentication implies that the customer device authenticates that it is talking to the true and valid operator's network, and the network authenticates that it is establishing a secure tunnel with a true and valid end-device, e.g., a mobile station with authentic client applications. Authenticating a network is typically straightforward, as the network element can have a public certificate that generates trust. Authenticating devices, on the other hand, is more complicated, as it involves distributing unique keys or certificates to multiple devices.
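The difference between ordinary server-only authentication and the mutual authentication a gateway requires comes down to one setting on the server side of the TLS handshake. The following Go program is an added example (not code from the original document) that builds a throw-away PKI in memory, an "operator" root CA that issues a certificate to a gateway and to one enrolled device, and runs three handshakes over loopback TCP against a gateway configured with tls.RequireAndVerifyClientCert: an enrolled device, a device with no certificate at all, and a device holding a certificate from an unrelated CA. Only the first succeeds. The names (operator-root-ca, gateway.example, device-0001.example) and the loopback setup are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

var nextSerial int64 // constructed: unique serials for the in-memory CA

// issueCert makes an ECDSA key pair and a certificate for cn. With parent == nil the
// certificate is self-signed (a root CA); otherwise it is signed by parent/parentKey.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// Leaf certificates: usable both as a server (gateway) and a client (device).
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// tlsCert packs a certificate and its key into the form crypto/tls expects.
func tlsCert(cert *x509.Certificate, key *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key, Leaf: cert}
}

// mutualHandshake runs one TLS handshake between a gateway that demands a client
// certificate chaining to trustedCA and a device presenting deviceCert (nil = none).
// It returns the gateway's verdict: nil only when both sides authenticated each other.
func mutualHandshake(trustedCA *x509.Certificate, gateway tls.Certificate, deviceCert *tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()

	// Gateway side. ClientAuth is the setting that turns on client authentication;
	// the default (NoClientCert) is the plain HTTPS case of authenticating the server only.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{gateway}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, MinVersion: tls.VersionTLS12}
	verdict := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			verdict <- err
			return
		}
		defer raw.Close()
		conn := tls.Server(raw, srvCfg)
		if err := conn.Handshake(); err != nil {
			verdict <- err // e.g. no certificate, or one signed by an unknown authority
			return
		}
		// Under TLS 1.3 the client finishes before the server has checked its certificate,
		// so one application byte is sent to confirm the gateway's acceptance.
		_, err = conn.Write([]byte{1})
		verdict <- err
	}()

	// Device side: verifies the gateway against the operator CA and offers its own certificate.
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "gateway.example", MinVersion: tls.VersionTLS12}
	if deviceCert != nil {
		cliCfg.Certificates = []tls.Certificate{*deviceCert}
	}
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	conn := tls.Client(raw, cliCfg)
	if err := conn.Handshake(); err != nil {
		<-verdict
		return err
	}
	conn.Read(make([]byte, 1)) // confirmation byte, or the alert the gateway sent instead
	return <-verdict
}

func main() {
	ca, caKey, _ := issueCert("operator-root-ca", true, nil, nil)
	gw, gwKey, _ := issueCert("gateway.example", false, ca, caKey)
	dev, devKey, _ := issueCert("device-0001.example", false, ca, caKey)
	otherCA, otherKey, _ := issueCert("other-root-ca", true, nil, nil)
	stranger, strangerKey, _ := issueCert("device-9999.example", false, otherCA, otherKey)
	gateway, device, foreign := tlsCert(gw, gwKey), tlsCert(dev, devKey), tlsCert(stranger, strangerKey)
	fmt.Println("enrolled device:", mutualHandshake(ca, gateway, &device))
	fmt.Println("no certificate: ", mutualHandshake(ca, gateway, nil))
	fmt.Println("foreign CA:     ", mutualHandshake(ca, gateway, &foreign))
}
```

The point the gateway's verdict makes is the one the text states: the server side of the handshake is cheap to authenticate (one public certificate, one trust anchor on every device), whereas rejecting the second and third devices is only possible because the operator CA had already issued, and somehow delivered, a unique certificate and key to each legitimate device beforehand.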